The conventional approach to information security is to deploy enforcement mechanisms at the network perimeter, such as next-generation firewalls, proxy servers, network intrusion detection systems, and so on. However, in recent years, organizations have become increasingly wary of automatically trusting users merely because they are behind the perimeter, or on a trusted network. That is where zero trust architecture enters the picture and strives to close the vulnerability gap.